Software-Inspired Techniques for Digital Hardware Security

Abstract

We entered an era where new hardware flourishes at an unprecedented pace and with unseen diversity. We are also living in an era where security and safety are paramount, and where the potential impact of a single bug can be catastrophic. Hence, we urgently need foundations to detect as many hardware bugs as possible before their deployment. Hardware validation is universally recognized as complex, expensive and tedious. Despite genuine best efforts, the last decade has shown that the industry is incapable of producing non-trivial bug-free hardware. What will then happen with the rise of open-source hardware? Without effective and easy-to-adopt solutions for validation, it is hard to believe that the open-source hardware community will be able to produce safe and secure hardware, despite its best intentions. Interestingly, the exact same situation occurred in the software world some decades ago. Software was plagued with myriads of bugs and security issues, after what the software community developed a formidable set of tools and methodologies to detect bugs and security issues. Could we adapt some of these tools and methodologies to hardware? To answer this question, our plan is to first observe many CPU errata, deduce the most promising techniques from software security, and adapt them. To understand contemporary CPU bugs, we build the RemembERR database based on thousands of errata. We deduce two techniques inspired by software security that are particularly promising for hardware: dynamic information flow tracking and fuzzing. We introduce CellIFT, the first scalable hardware dynamic information flow tracking mechanism and showcase 4 new architectural or microarchitectural security applications. We then introduce Cascade, a black-box CPU fuzzer that found dozens of new bugs and outperforms other fuzzers' coverage. We finally demonstrate MiRTL, a new class of hardware attacks that relies on EDA software bugs, and propose TransFuzz, a fuzzer that produces complex hardware descriptions to find such bugs in popular open-source EDA software. All these contributions demonstrate that when properly adapted, software security techniques can provide effective and easy-to-adopt solutions that will empower safer and more secure hardware.